PuTTY bug mit-kerberos-dll-trouble

This is a mirror. Follow this link to find the primary PuTTY web site.

summary: MIT Kerberos GSSAPI support broken (can't load its DLLs)
class: bug: This is clearly an actual problem we want fixed.
priority: high: This should be fixed in the next release.
absent-in: 0.67
present-in: 0.68
fixed-in: 802b4edf4d59a04e903fc8ef5342e25b6a566dc6 (0.69)

We've had multiple reports that the fix for vuln-indirect-dll-hijack broke MIT Kerberos support.

Apparently gssapi32.dll needs to load other DLLs from a location like C:\Program Files\mit\kerberos\bin, such as krb5_32.dll.

Apparently you get a message something like "The program can not be started because krb5_32.dll is missing on the computer. Reinstall the program to resolve the problem." (wording may not be exact)

Reports:

19d3ed49-b768-3716-b21f-7704cd08aa6c@mit.edu (with proposed fix strategy)
5adb8b03-87c8-f613-c0ab-ce2ff4f15b03@uni-paderborn.de (also with fix)

If you want to comment on this web site, see the Feedback page.

Audit trail for this bug.

(last revision of this bug record was at 2017-04-28 16:52:45 +0100)